CoreID/deploy/README.md

33 lines
1.6 KiB
Markdown

This deployment is parameterized for use with `envsubst(1)`.
You will need to set up the secret values and environment variables (see below).
```shell
bash -c 'for f in *.yaml; do envsubst < $f | kubectl apply -f -; done'
```
## Supported environment variables
Set these environment variables in your shell before running the above command to apply the Kubernetes spec.
- `COREID_DOMAIN` - domain name where CoreID is accessed (e.g. `coreid.mydomain.com`)
- `DOCKER_REGISTRY` - host of the docker registry to pull the image from (e.g. `registry.mydomain.com`)
- this is the same registry that is used by `yarn docker:build` and `yarn docker:push`
- `COREID_DATABASE_HOST` - MongoDB host (e.g. `mongo.mylan.net`)
- `COREID_DATABASE_NAME` - MongoDB database name to use (e.g. `coreid_p1`)
- `COREID_LDAP_BASE_DC` - base DC to use for LDAP tree (e.g. `dc=platform,dc=local`)
- `COREID_REDIS_HOST` - Redis host (e.g. `redis.mylan.net`)
- `COREID_SMTP_HOST` - SMTP server host (e.g. `smtp.mymail.com`)
## Secret values
The spec expects there to be a `coreid-secrets` secret in the `starship` namespace with the following values:
- `SECRET` - hash seed used by CoreID (e.g. `df8db5a2-429b-4597-a013-18efee2465e0`)
- `SMTP_USER` - username used to log-into SMTP server (e.g. `user@mymail.com`)
- `SMTP_DEFAULT_SENDER` - email to use as FROM address. Usually same as `SMTP_USER` (e.g. `user@mymail.com`)
- `SMTP_PASS` - password for `SMTP_USER`
- `REDIS_PASS` - password for the Redis service
- `X509_CERT` - contents of the x509 certificate to be used for SAML/LDAP/RADIUS
- `X509_KEY` - contents of the x509 certificate key to be used for SAML/LDAP/RADIUS